DETAILED ACTION

1. The IDS of 2/3/2004 was received and considered.

2. Claims 1-30 are pending.



Election/Restrictions



3. Applicant's election of species I in the reply filed on 1 2/ '4/2007 is 
acknowledged. Because applicant did not distinctly and specifically point out 
the supposed errors in the restriction requirement the election has been treated 
as an election without traverse (MPEP § 818.03(a)). Claim 18 is withdrawn from 
further consideration pursuant to 37 CFR 1.142(b) as being drawn to a
nonelected species, there being no allowable generic or linking claim. Based on
the potential allowable subject matter described below, claims 9-11 & 26 are
rejoined. 



Claim Objections

4. Claims 1-12 & 23-27 are objected to because of the following informalities:

a. Regarding claim 1 (and 2-12 by dependence), the limitation "the
secret unique key" (line 6) should be replaced with "the unique key".

b. Regarding claim 23 (and 24-27 by dependence), the limitation
"and transaction sequence number" (last two lines) should be replaced
with "and a transaction sequence number".

Claim Rejections - 35 USC § 112

5. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and
distinctly claiming the subject matter which the applicant regards as his invention.

6. Claims 7, 13-17, 19, 20-23 & 25-30 are rejected under 35 U.S.C. 112, second
paragraph, as being indefinite for failing to particularly point out and distinctly
claim the subject matter which applicant regards as the invention.

c. Regarding claim 7, the limitation "the cryptogram C" (line 3) lacks 
sufficient antecedent basis. 

d. Regarding claim 13, the limitations "capable of" (lines 2, 4) are 
unclear because a capability is claimed rather than apparatus limitations 
required to achieve the capability. Therefore, the scope of these 
limitations is unclear. The limitations following "capable of" are not 
considered. 

e. Regarding claim 13, the limitation "the point of entry" (last line) 
lacks sufficient antecedent basis. 

f. Regarding claim 20, the limitations "capable of" (lines 2, 5 & 9) are 
unclear because a capability is claimed rather than apparatus limitations 
required to achieve the capability. Therefore, the scope of these 
limitations is unclear. The limitations following "capable of" are not given 
patentable weight. For the limitation in line 9, it is understood that
program code can impart functionality on a processor when executed. 
This limitation is read "program code embodied therein causing the 
processor 

g. Regarding claim 21, the limitation "capable of" (line 3) is unclear
because a capability is claimed, raising the question as to whether the 
code actually performs the steps. Therefore, the scope of these limitations 
is unclear. However, it is understood that program code can impart 
functionality on a processor when executed. This limitation is read 
"program code causing the processor 

h. Regarding claim 22, the limitation "capable of" (lines 3, 8, 11 & 17) is
unclear because a capability is claimed, raising the question as to 
whether the code actually performs the steps. Therefore, the scope of 
these limitations is unclear. However, it is understood that program code 
can impart functionality on a processor when executed. This limitation is 
read "program code causing the processor 

i. Regarding claim 23, the limitations "capable of" (lines 2, 5 & 8) are 
unclear because a capability is claimed rather than apparatus limitations 
required to achieve the capability. Therefore, the scope of these 
limitations is unclear. The limitations following "capable of" are not given 
patentable weight. For the limitation in line 8, it is understood that 
program code can impart functionality on a processor when executed.
This limitation is read "program code embodied therein causing the 
processor 

j. Regarding claim 25, the limitation "capable of" (lines 3, 5, 7, 14, 19 
& 24) is unclear because a capability is claimed, raising the question as to 
whether the code actually performs the steps. Therefore, the scope of 
these limitations is unclear. However, it is understood that program code 
can impart functionality on a processor when executed. This limitation is 
read "program code causing the processor 

k. Regarding claim 26, the limitation "capable of" (lines 3, 5, 7, 12 & 
17) is unclear because a capability is claimed, raising the question as to
whether the code actually performs the steps. Therefore, the scope of 
these limitations is unclear. However, it is understood that program code 
can impart functionality on a processor when executed. This limitation is 
read "program code causing the processor 

l. Regarding claim 27, the limitation "capable of" (line 3) is unclear
because a capability is claimed, raising the question as to whether the 
code actually performs the steps. Therefore, the scope of these limitations 
is unclear. However, it is understood that program code can impart 
functionality on a processor when executed. This limitation is read 
"program code causing the processor 

m. Regarding claim 28, the limitation "capable of" (line 9) is unclear
because a capability is claimed rather than apparatus limitations required
to achieve the capability. Therefore, the scope of these limitations is
unclear. For the purposes of this action, in light of the rest of the claim, the
limitation "being capable of" is understood to be removed.

n. Regarding claim 29, the limitation "capable of" (line 9) is unclear
because a capability is claimed rather than apparatus limitations required
to achieve the capability. Therefore, the scope of these limitations is
unclear. For the purposes of this action, in light of the rest of the claim, the
limitation "being capable of" is understood to be removed.

o. Regarding claim 30, the limitation "capable of" (line 9) is unclear
because a capability is claimed rather than apparatus limitations required
to achieve the capability. Therefore, the scope of these limitations is
unclear. For the purposes of this action, in light of the rest of the claim, the
limitation "being capable of" is understood to be removed.

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this
Office action: 

A person shall be entitled to a patent unless - 
(b) the invention was patented or described in a printed publication in this or a foreign country or
in public use or on sale in this country, more than one year prior to the date of application for 
patent in the United States. 

8. Claims 20-22 are rejected under 35 U.S.C. 102(b) as being anticipated by
"Efficient Identification and Signature Schemes" by Ohta.

Regarding claim 20, Ohta discloses an apparatus comprising an
enrollment system (centre issuing smart cards, HI & H4) comprising a
communication interface (inherent as the smart card computes receives values,
H5) capable of communicating with a writer configured to accept a smart card
(values are written to card, 115), a processor coupled to the communication
interface (inherent as S_i is computed, H5) and a memory coupled to the
processor and having a computable readable program code (algorithm)
embodied therein capable of causing the processor to initialize and personalize
a smart card with a unique key per smart card (S_i is computed and recorded
on the smart card, H5), the unique key derived from a private key (d) that is
assigned and distinctive to systems and a card base of a card issuer (centre, H4).

Regarding claim 21, Ohta discloses a computable readable program
code capable of causing the processor to write to an enrolled smart card a
stored public entity-identifier (I_i is stored because the card sends it to the
verifier, H6 Step 1) and the secret unique key (S_i, H5).

Regarding claim 22, Ohta discloses a computable readable program
code capable of causing the processor to define public key values (e, N) that

Application/Control Number: 10/772,065 Page 8

Art Unit: 2134

are exclusive to a card issuer system and card base (H5), the key value e being
a public exponent (H4) and a key value N (n) is a modulus in an RSA system (HH2-
4), a computable readable program code capable of causing the processor to
define a private key value d (11114-5) that is exclusive to a card issuer system and
card based, the private key value d being a secret RSA private key (H5), a
computable readable program code capable of causing the processor to
compute a secret key u (S_i, 115) that is unique to the smart card using an
equation of the form u = x^d (mod N) (S_i = I_i^d mod n, 115), where x (I_i) is an entity-
identifier that identifies the smart card and the entity (user, H4) and a
computable readable program code capable of causing the processor to store
the secret key u (S_i, 115) on the smart card with the public key values x, e and N
(I_i, e, n, H5).



Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would 
have been obvious at the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be negatived by the manner 
in which the invention was made. 

10. Claims 13-14 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Ohta in view of U.S. Patent 4,288,659 to Atalla.

Regarding claim 13, Ohta discloses a smart card (p. 115, H5) comprising
an interface capable of communicating with a card reader and/or writer
(inherent as the card is written with H5), a processor coupled to the interface
(microprocessor, HI) and a memory coupled to the processor (HI 4) that stores a
public entity-identifier (n, e, H5) and a secret unique key (S_i, H5) derived from a
private key (d) that is assigned and distinctive to systems and a card base of a
card issuer (S_i = I_i^d mod n, H5), and a computable readable program code
embodied therein (algorithm, inherent if RSA is performed, HI 5) that creates a
PIN encryption key (Y = SiR v mod n, 116 Step 3) derived from the smart card
unique key (S_i), but lacks creating a transaction identifier that uniquely identifies
the point of entry and transaction sequence number. However, Atalla teaches
that during a monetary transaction, a pair of input signals is encrypted, where
the PIN from the authorized individual, a sequence number and a machine
identification number (col. 2, lines 48-63) to identify the terminal and to create a
unique transaction value (col. 2, lines 55-63). Therefore, it would have been
obvious to one having ordinary skill in the art at the time the invention was made
to modify Ohta to create a sequence number and machine identifier and send
this in the transaction. One of ordinary skill in the art would have been
motivated to perform such a modification to identify the terminal/reader and to
create a unique transaction value, as taught by Atalla.

Regarding claim 14, Ohta discloses a secret unique key u (S_i, H5) stored in
memory (115) with public key values x, e and N (I_i, e, n, H5 and I_i is stored
because the card sends it to the verifier, Step 1), wherein x (I_i) is an entity-
identifier that identifies the smart card and the entity (H4), a key value e is a
public exponent (H4) and a key value N (n) is a modulus in an RSA system (HH2-
4), the public key values (e, N) being exclusive to a card issuer system and card
base (H5), wherein the secret key u is unique to the smart card and computed
using an equation of the form u = x^d (mod N) (S_i = I_i^d mod n, H5), wherein the
private key d is exclusive to the card issuer (private key, H5) and card based, the
private key value d being a secret RSA private key (115).

11. Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ohta & Atalla, as applied to claim 13 above, in further view of U.S. Patent 
6,990,471 to Rajaram. 

Regarding claim 19, Ohta lacks computing a hash. However, Rajaram
teaches that a consumer with a smart card (Fig. 1, #114) uses the device to
create a hash of receipt data to confirm a transaction (col. 5, lines 41-62).
Therefore, it would have been obvious to one having ordinary skill in the art at
the time the invention was made to modify Ohta to include in the memory a
computable readable program code capable of causing the processor to hash
transaction data elements and communicate the hash point-to-point to a card
issuer (financial institution). One of ordinary skill in the art would have been
motivated to perform such a modification to confirm a transaction's validity, as
taught by Rajaram.

Potential Allowable Subject Matter 

12. Claims 1-12 & 23-30, as best understood, are believed to be allowable if
any of the above rejections under 35 U.S.C. § 112 and objections to the claims
are overcome.

13. Claims 15-17 are objected to as being dependent upon a rejected base
claim, but are believed to be allowable if rewritten in independent form
including all of the limitations of the base claim and any intervening claims and
any of the above rejections under 35 U.S.C. § 112 and objections to the claims
are overcome.

14. The following is a statement of reasons for the indication of allowable
subject matter: 

p. Regarding claim 1 (and claims 2-12 by dependence), Ohta 
discloses enrolling a smart card with a unique key per smart card, the 
unique key derived from a private key that is assigned and distinctive to 
systems and a card base of a card issuer, an enrolled smart card 
containing a stored public entity-identifier and the secret unique key (see 
above discussion with respect to claims 13 and 20). Atalla discloses the
well known concept of transacting at a point of entry to a network where 
the transaction uniquely identifies the point of entry and a sequence 
number (see above discussion). However, the prior art of record fails to 
teach or disclose, either alone or in combination, communicating the PIN 
encryption key point-to-point in encrypted form through a plurality of 
nodes in the network and recovering the PIN at a card issuer server from 
the PIN encryption key using the card issuer private key, in combination 
with the other elements of the claims. 

q. Regarding claim 15 (and claims 16-17 by dependence), the prior
art of record fails to teach or disclose, either alone or in combination,
computing an equation of the form K = u · TSN^H (mod N), where K is a
keying code, u is a secret key, TSN is a transaction sequence identifier that
identifies the terminal and a sequence number for a transaction
originating at the terminal, H is a hash of transaction data elements, in
combination with the other elements of the claims.

r. Regarding claim 23 (and claims 24-27 by dependence), Ohta and
Atalla are discussed above. However, the prior art of record fails to teach 
or disclose, either alone or in combination, causing the processor to 
recover a Personal Identification Number (PIN) from a transaction PIN 
encryption key received via the network using a card issuer private key, 
the transaction PIN encryption key being derived from a smart card
unique key initialized and personalized to the smart card and derived
from the card issuer private key, and a transaction identifier that uniquely
identifies the point of entry and transaction sequence number, in
combination with the other elements of the claims.

s. Regarding claim 28, Ohta and Atalla are discussed above.
However, the prior art of record fails to teach or disclose, either alone or in 
combination, creating, communicating, and decrypting a PIN encryption 
key derived from a smart card unique key and a transaction identifier that 
uniquely identifies a point of entry terminal and transaction sequence 
number, the smart card unique key being derived from a private key that 
is assigned and distinctive to systems and a card base of a card issuer, in 
combination with the other elements of the claim.

t. Regarding claim 29, Ohta and Atalla are discussed above.
However, the prior art of record fails to teach or disclose, either alone or in 
combination, decrypting a PIN encryption key derived from a smart card 
unique key and a hash of transaction data elements, enabling 
simultaneous key management and integrity checking, in combination 
with the other elements of the claim. 

u. Regarding claim 30, Ohta and Atalla are discussed above. 
However, the prior art of record fails to teach or disclose, either alone or in 
combination, means for recovering the PIN at a card issuer server from the
PIN encryption key using the card issuer private key, in combination with 
the other elements of the claim. 



Conclusion 

15. The prior art made of record and not relied upon is considered pertinent
to applicant's disclosure.

v. The Chang reference is cited for teaching IBE, specifically creating 
a secret key (customized) using a card issuer's private key and an identity 
of the user, and computing a signature using a hash function (p. 1).

w. U.S. Patent 7,240,034 is cited for teaching the use of electronic
wallets (smart cards) in transactions at points of entry and using a terminal 
ID and an anti-replace data in a transaction. 

x. U.S. Patent 5,694,471 is cited for teaching storing ID data and a 
public key on a smart card. 

y. U.S. Patent 6,105,008 is cited for teaching communicating a 
financial transaction over the Internet between a smart card and bank 
(over an indeterminate number of nodes, Fig. 4).

Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Michael J. Simitoski whose telephone 
number is (571) 272-3841. The examiner can normally be reached on Monday -
Thursday, 6:45 a.m. - 4:15 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair-direct.uspto.gov.
Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If
you would like assistance from a USPTO Customer Service Representative or
access to the automated information system, call 800-786-9199 (IN USA OR
CANADA) or 571-272-1000.

February 21, 2008 

/Michael J Simitoski/ 

Primary Examiner, Art Unit 2134 



